When I try to login in my Rails app using omniauth-facebook, I'm getting the following error. This is when testing on localhost:3000:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
I saw this other recent post on SO, but Facebook doesn't seem to be allowing me to change the "Enforce HTTPS for Web OAuth Login" settings in the developer console for this app that I created today. I can change that setting for old apps.
Any ideas on how to fix this or get around it? I'll use HTTPS in production, but just want to be able to use localhost (http) in development.
Running local server in HTTPS mode can be useful many times, not just only for the facebook api.
Though, Rails still do not provide an easy way to run rails server in SSL mode. But there're several ways to achieve that:
Use thin server instead of puma/webrick rails default one
thin server allows you to run your application in SSL mode with a minimum effort:
Edit config/application.rb and add:
config.force_ssl = true
Start thin server:
$ thin start --ssl
See full info about that here: How to enable SSL for Rails development environment in two minutes?
Use http tunnel tools like ngrok
Tools like ngrok allow you to create a tunnel form your localhost to the Internet with ease - it also creates both http:// and https:// endpoints for you:
$ rails s -p 3000
$ ./ngrok http 3000
ngrok by @inconshreveable (Ctrl+C to quit)
Session Status online
Session Expires 7 hours, 59 minutes
Version 2.2.8
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding http://2608e936.ngrok.io -> localhost:3000
Forwarding https://2608e936.ngrok.io -> localhost:3000
Copy the generated url (like https://2608e936.ngrok.io and use it to access your local server.